Dhanji R. Prasanna has an excellent retrospective on his time on the Google Wave team. He sums up the problem with big teams very well:

And this is the essential broader point–as a programmer you must have a series of wins, every single day. It is the Deus Ex Machina of hacker success. It is what makes you eager for the next feature, and the next after that. And a large team is poison to small wins. The nature of large teams is such that even when you do have wins, they come after long, tiresome and disproportionately many hurdles. And this takes all the wind out of them.

For me, that’s really the crux of it. As a programmer, it kills you to not get stuff done. Large teams necessarily involve more communication, more complexity, and less getting stuff done. Large teams are a programmers equivalent of retirement.

In every city there are two different humours, one rising from the people’s desire not to be ordered and commanded by the nobles, and the other from the desire of the nobles to command and oppress the people.

You cannot satisfy the nobles honestly and without harming others, but you certainly can satisfy the people. In fact, the aim of the common people is more honest that that of the nobles, since the nobles want to oppress others, while the people simply want not to be oppressed.

The Prince must always live among the same people, but he can do very well without a particular set of noblemen.

Substitute nobles with the 1%, and substitute Prince with President, and you get the advice he would probably give today.

Your goal as a negotiator is to get the target(s) (the person or people you are trying to arrest) to surrender peacefully to law enforcement.

Sometimes there are hostages, and then your priority is securing their release, but usually there are not. By getting them to put down their weapons and come out you are usually saving their lives, and also protecting your colleagues.

The last resort is an armed assault by the SWAT team. Prior to negotiation being taken seriously by law enforcement, this was the only option.

Make exclusive contact

First and foremost, you need to get in contact with them. Usually they are keen to talk, and most often you can use the phone line. Sometimes you have to get the SWAT team to bring them a field telephone. Sometimes you stand outside the window or at the foot of the stairs, and shout. And occasionally, as in the Beltway sniper case you have to ask the media to say things and hope the target hears.

Control their environment:

• Their phone line goes only to you. Not to the press, not to anyone else. You are their only hope, and their only friend.

• Manage what they can see from their windows, and what they can hear.

Listen calmly

Listen. Often they are highly emotional, scared, and cornered. A friendly listener at the end of the phone can make all the difference.

Initially they will rant and rave at you, they need to get that out of their system. Wait. Listen. Stay calm. Once they settle down, change the negotiator, so that they are not having to build rapport with someone they have verbally abused.

Encourage them to draw up a list of demands. When dealing with a group, identify the individuals most likely to reach a peaceful settlement, and deal exclusively with them.

The author recounts a prison siege where the prisoners had no leadership and no demands. The negotiator had to help them organize themselves, and babysit them into drawing up a list of demands. He then got the prison authorities to say they agreed to the demands in principle, and the siege ended.

Build rapport

Build trust. He usually introduces himself by saying: “Hi I’m Gary and I’m here to make sure you get out safe”.

Humanize yourself. Gary’s team sent in pictures of themselves, hand written notes, even videos of the negotiators playing with their children.

Learn everything you can about the target and their background. Bring up any common ground.

If they won’t talk to you, find a neutral intermediary they will trust.

Talk, even if they don’t answer. Hearing your voice will reassure the hostages. It also allows you to address any fears or concerns you think they have, which they haven’t vocalized yet. Defuse those fears.

You don’t have to be nice

Don’t give anything unless it is reciprocated. For example if they want food they have to send out a hostage. The exception is if your concession would help build trust, or if they have nothing to give up (except themselves).

If negotiation stalls, get the SWAT team to put on a show of force. Make it clear you are their only option of making it out safe. The exception here is if you think that might endanger the hostages. You’re the good cop to the SWAT’s bad cop.

If that doesn’t help, cut creature comforts – electricity, gas, water, etc.

Go slowly. You control the situation, not the hostage taker. In one situation the target requested a cup of coffee with milk and sugar. It was delivered two hours later, cold, and black.

Most significant demands on their part you will reply to with “I’m not authorized to do that, but I’ll ask my boss”. You’re on their side, against your nasty boss. They need to work with you to help you make their demands acceptable to that dis-agreeable boss of yours.

Lie if you have to, but be very careful because getting caught out will damage trust. There are certain legal restrictions on negotiators, mostly that they have to give the target an opportunity to surrender before the SWAT team attacks. You need to say and do whatever it takes to secure the safe release of the hostages. This often involves minimizing the crime, assuring them that everything will be fine once they come out: “you haven’t hurt anyone, no serious crime has been committed”.

Get them to focus on the future, on life after the crisis (even when you know they don’t have a future). It’s all going to be OK, they’ll be back fishing in that favorite lake of theirs in no time. Their boss is holding their job for them.

Remind them about the relatively minor crime which started the situation. Surely no-one should get hurt over such a trifle:

• the Waco siege started after the Branch Davidians refused to allow law enforcement to execute a search warrant

• Ruby ridge was initially about making illegal firearms (sawing off a shotgun barrel).

Manage the SWAT team

The way Gary Noesner describes it, every stand-off is a double stand-off. You are trying to convince the target to exit the building peacefully, and you are trying to convince the SWAT team to stay out of the building. Traditional law enforcement is ego-driven and in a hurry. They do not readily accept waiting several weeks for someone to agree to be arrested.

If you are re-assuring the target that their crime’s are minor, and then the SWAT team moves an assault vehicle onto the front lawn, that undermines your relationship. You need to work together.

The author ascribes the failures of the Waco siege to lack of co-ordination between negotiators and SWAT, and in fact to SWAT’s complete disregard for negotiation. Gary Noesner was chief negotiator at the Waco siege, and Stalling For Time features a fascinating account of the situation.

Stalling For Time is an exciting and interesting read. I was surprised how little formal psychology is involved – negotiators have a ‘street psychology’, which matches many formal findings, but I expected the F.B.I. to have behavioral scientists and research psychologists on staff. Possibly they do, but it wasn’t mentioned.

I am grateful for people like Gary Noesner, who do an immensely difficult and important job on two levels. Firstly they save the lives of hostages, hostage takers, and law enforcement. Secondly, they teach traditional law enforcement personnel that patience, humility, and understanding are as important to their jobs as running around waving assault rifles.

They listened to voicemail of the 7/7 terrorist attack victims, politicians, a murdered schoolgirl (including erasing some messages, leading the family to think she lived), the British Royal Family, various celebrities, and other journalists.

The newspaper in question, the News of the World, is owned by News Corporation, who’s Chairman and CEO is Rupert Murdoch, 117th richest and one of the most powerful people in the world (13th according to Forbes, ‘Top 100′ according to Time).

This BBC timeline shows how bad things are:

• The editor of the newspaper at the time, Andy Coulson, is now the Prime Minister’s director of communications. He has been arrested for phone hacking and for bribing the police.

• Britain’s two most senior policemen have resigned: Metropolitan Police Commissioner Sir Paul Stephenson and Assistant Commissioner John Yates. The police had found no evidence of wrongdoing at the tabloid and refused to investigate further. They employed Neil Wallis, who was deputy editor of the News of the World during the phone hacking.

• The chief executive of the newspaper, Rebekah Brooks, has been arrested. She had previously admitted in a commons (government) inquiry to paying the police for information.

• Several more journalists have been arrested, other papers owned by Rupert Murdoch also used illegally obtained phone tap information (The Sunday Times, and The Sun), and US politicians are calling for the FBI to investigate.

And now Sean Hoare, the journalist who first went on record implicating the editor of the tabloid (and Prime Minister’s advisor), who just last week claimed journalists paid police to locate people’s mobile phones has been found dead.

The weekend before, Sean Hoare explained a “broken nose and badly injured foot” by saying he suffered them “taking down a marquee erected for a children’s party”.

And, and this is the best bit, the police, yes the police who are deeply involved here, state that the death is “not thought to be suspicious”. Let’s do some stats on that.

Theory 1: He just, euh, died

He might have died without any help. People do. He was 47. He was at a 1 in 279 risk of dying in any given year, thats 0.35%.

He had “drink and drug” problems. He was a journalist and showbiz editor, so we can assume ‘drugs’ here means cocaine.

In a recent study 15% of 18-34 year olds said they had tried it. That’s just under a million people (15% of 6.4 million). Of those, 325 people died. That’s a risk of death of 1 in 3,000. I couldn’t find any stats on the risks to a 47 year old so let’s take a stab in the dark and double the risk to 1 in 1500.

Alcohol liver disease is one of the leading causes of death for people in his age group in Britiain (alcohol and drug addiction treatment). In 2005 alcoholism killed about 500 people like him, out of 1.8 Million in that age group, a risk of 0.027% or 1 in 3600.

So we do 1/279 + 1/1500 + 1/3600 ~= 0.45% risk of death.

I’m being fast and loose with the numbers here (for example part of the drug and alcohol death risk is already accounted for in the overall risk), but, in summary, the risk is low. 47 year old men in England don’t often just drop dead, even if they drink and take drugs. Note further that there has been no mention of the death being alcohol or drug related, so I’m being generous with the odds of death here.

Sean Hoare is not the only person who’s death would have been suspicious. I count 23 people in that BBC Timeline who seem to be involved enough to implicate others. Their ages and risk factors differ, so let’s go with a middle ground, the same 1 / 279. The risk of anyone involved in the investigation dying this year is about 8% (1/279 * 23), still pretty unlikely.

Theory 2: He was murdered

He might not have ‘just died’. He might have been killed. The beating he took the weekend before might not have come from a children’s marquee.

What is the risk of death for a 47 year old white male who’s testimony may send to prison policemen, political advisers, journalists, and private investigators, and who might have recently been beaten up? I’d say it’s higher than 0.45%, wouldn’t you?

So, British Metropolitan Police, “the death is currently being treated as unexplained but not thought to be suspicious”. Really?

This page is about contributing to the network by running a relay (or server, or node – same thing). If you want to use Internet services anonymously, you probably want the Tor Browser Bundle.

There’s also general instructions on running a relay. Mine are specific to Ubuntu / Debian.

Install it from the official repository

Edit your sources list: /etc/apt/sources.list

Add the following lines. Substitute ‘lucid’ with your Ubuntu or Debian version see list:

# Tor
deb http://deb.torproject.org/torproject.org lucid main
deb-src http://deb.torproject.org/torproject.org lucid main

Add the Tor public key:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Install it:

sudo apt-get update
sudo apt-get install tor

Edit the obvious parts of the config file

Edit the config file: /etc/tor/torrc, mainly the This section is just for relays part.

Set the ORPort. Give your relay a nice Nickname. Set Address, ContactInfo, and so on.

RelayBandwidthRate: Throttle it

The RelayBandwidthRate and RelayBandwidthBurst settings are very important. The Tor network has many clients (think Tunisia, Egypt, Libya, Anonymous, etc), and they’ll take all the bandwidth you can spare. Here’s what happened to my bandwidth when I left it unthrottled.

After the peak, you can see two steps where I throttled it back gradually.

ExitPolicy: Decide whether you will be an exit relay, and what kind of exit

Traffic in the tor network bounces around between relays, then exits to the real destination. If the Tor user does something nasty to the destination, they will complain to the hosting provider of the exit relay, because it looks like the traffic comes from there.

Your first step should be to just get your relay up and running, without any further reading, so start with no exits:

ExitPolicy reject *:* # no exits allowed

Start it

sudo /etc/init.d/tor start
sudo tail -f /var/log/tor/notices.log

Congratulations! You are now, in a small way, helping oppressed people all over the world.

ExitPolicy redux

Exit relays are obviously very important, so you should consider being one. Read these to help you decide:

• So what should I expect if I run an exit relay?
• Tips for running an exit node with minimal harassment

You can decide which ports you allow users to connect to from your exit relay. Obvious ones to block are port 25 (to prevent sending of email spam) and bittorrent ports 6881-7000 (to keep the network fast). Blocking port 80 should cut the bulk of the abuse, but also makes your node less useful, so that’s a tough call.

If you want to dip your toes in the exit waters, be an IRC exit node. IRC is being used by some people in the North African and Middle-Eastern uprisings.

ExitPolicy accept *:6660-6667,reject *:*  # allow irc ports but no more

I ran an IRC-only exit for a while with no problems. I’ve recently opened it up a bit more. Here is my current exit policy:

ExitPolicy accept *:22  # ssh
ExitPolicy accept *:465 # smtps (SMTP over SSL)
ExitPolicy accept *:993 # imaps (IMAP over SSL)
ExitPolicy accept *:994 # ircs (IRC over SSL)
ExitPolicy accept *:995 # pop3s (POP3 over SSL)
ExitPolicy accept *:6660-6697 # allow irc ports, very widely
ExitPolicy reject *:* # no other exits allowed

Assuming you put correct contact information in your config file, the Tor project will send you an email once your node has been up for a few days, to welcome you to the network.

Happy relaying!

A few months back, I took the password off my WiFi router, and opened it up to the world, with SSID yes_we_are_sharing. Why?

The best answers are given by security expert Bruce Shneier – why open wireless. The second best answer is that Tor hacker Jacob Applebaum also runs open WiFi.

Here are my answers, and the reasons why you should join us.

What’s changed?

The only difference between an encrypted wireless network and an open wireless network is that the part between your computer and the router is no longer encrypted by the router. Anyone can listen in, and anyone can connect to your router and access the big wide Internet.

The part between your computer and your router is only a tiny part of the journey your data takes between you and, say, your online bank. None of the part after the router has changed; if it was encrypted before, it still is, and if it wasn’t is still isn’t, and you should fix that. Read one for how.

Reason: It’s nice

Have you ever used anyone else’s open router? Maybe one named ‘dlink’, ‘linksys’, or a Mac AirPort? I bet you were happy that was there for you. When you move into a new home, when you have problems with your connection, or simply when you’re out and about, it’s great to have a free network. Opening up my network is my small way of giving back.

Myth: Bad people in your front garden

The first question most people ask about open wifi is this: What if someone uses my connection to do something bad?

To use your connection, they would have to be a direct neighbour of yours, or sitting outside your house.

Isn’t it more likely they would go that extra block to the warm and dry coffee shop?

Do you hear of coffee shop owners going to jail much? What about the ‘dlink’ and ‘linksys’ people? “Bad People” typically have their own Internet connection.

Real Risk: Eavesdropping

You might be worried that other people will steal your secrets. Again, they’d have to be sitting in your front garden.

There’s a much better place to steal people’s online banking data, than your front garden: in a coffee shop, at a conference, or, best of all, in an airport.

Reason: It makes you safer

You should setup your machine so that all your connections are encrypted, wherever you are. Opening your home wireless gives you that extra discipline.

• Secure your web browsing. When doing anything senstive, make sure you are using the ‘https’ protocol (your browser will be showing a padlock).

• Secure your email. If using webmail, make sure it’s over https. GMail, to Google’s great credit, has that as the default. If you are using regular email, makes sure you use the encrypted protocol – IMAPS or POPS.

• Secure you IM conversations. Google Talk is encrypted if your client supports it (Pidgin does). Skype is encrypted. As far as I could tell, Yahoo Messenger isn’t, so avoid it.

Weak Risk: Your neighbourhood hacker

If you’re using Windows, you should be running a personal firewall on your machine. I believe there is now one built-in to Windows. Make sure it is switched on.

Administration

Most computers will auto-connect to any available wireless network when they start up. If you notice the same machines on your network every day for a while, they are probably auto-connecting. You’ll need to add rules to your router to ban their MAC address, shunting them back to their own router.

The point of open wireless isn’t to make your neighbours Internet connection redundant, but to temporarily help people out. Your neighbours don’t want to use your connection, as their is typically faster for them (they are closer to their router).

WiFi is everywhere. Afghanistan has the Ehsan Bayat TSI network.

Happy sharing!

If you are concerned about identity theft, visit identity hawk and research the services they can offer.

http://www.nytimes.com/2009/07/19/technology/19distracted.html

Here’s some excerpts:

in a survey of 1,506 people last year by Nationwide Mutual Insurance, 81 percent of cellphone owners acknowledged that they talk on phones while driving, and 98 percent considered themselves safe drivers. But 45 percent said they had been hit or nearly hit by a driver talking on a phone.

That’s the Lake Wobegon effect, the tendency for overestimate their capabilities in relation to others.

…research, showing that multitasking drivers are four times as likely to crash as people who are focused on driving, matches the findings of two studies, in Canada and in Australia, of drivers on actual roads. The highway safety administration estimates that drivers using a hand-held device are at 1.3 times greater risk of a crash or near crash, and at three times the risk when dialing, compared with others who are simply driving. The agency based its conclusions on research from the Virginia Tech Transportation Institute, which placed cameras inside cars to monitor drivers for more than a year. The study found cellphones to be the most common cause of driver distraction. Research also shows that drivers conversing with fellow passengers do not present the same danger, because adult riders help keep drivers alert and point out dangerous conditions and tend to talk less in heavy traffic or hazardous weather.

The research shows that having a conversation on a hands-free sets is as dangerous as a conversation on a handheld phone – the problem is that, unlike a passenger, the person on the phone doesn’t stop distracting you when road conditions change, and they aren’t a second pair of eyes compensating for your distraction.

So if the research is so strong, there are so many lives to be saved, how come we haven’t solved this one yet. Read on:

Joe Simitian, a state senator in California, managed to get his hands-free legislation, an effort he began in 2001, passed in 2006. He argued, based on data collected by the California Highway Patrol, that drivers using cellphones caused more fatalities than all the drivers distracted by eating, children, pets or personal hygiene. In each previous year, the bill was killed — after lobbying by cellphone carriers, including Sprint, AT&T and T-Mobile. Mr. Simitian said that in the first two years, he would visit the offices of his colleagues on the Transportation Committee on the day of the vote and “find three cellphone industry lobbyists sitting in the legislator’s office,” Mr. Simitian said. “They’d just smile.”

Extremist material of any kind always looks gaudy and cheap, like a bad pizza menu. Not because they can’t afford decent computers – these days you can knock up a professional CD cover on a pay-as-you-go mobile – but because anyone who’s good at graphic design is likely to be a thoughtful, inquisitive sort by nature. And thoughtful, inquisitive sorts tend to think fascism is a bit shit, to be honest. If the BNP really were the greatest British party, they’d have the greatest British designer working for them – Jonathan Ive, perhaps, the man who designed the iPod. But they don’t. They’ve got someone who tries to stab your eyes out with primary colours.

Read the article: Charlie Brooker on the BNP and their political broadcast.

Instead of databases becoming available as a result of Freedom Of Information Act requests, government officials should be required to justify why any public data should not be freely available to the taxpayers who paid for its creation.

Wow, what an exciting time to be in North America.

From the O’Reilly Radar.

It was an unreal, frightening time, and it was predictable that people would flee the airports. Perhaps surprisingly, though, they didn’t start digging backyard bomb shelters. Instead, most went to work and carried on living. They just didn’t fly. They drove instead. Politicians worried what the mass exodus of Americans from planes to cars would do to the airline industry, so a bailout was put together. But no one talked about the surge in car travel. Why would they? It was trivia. There were deadly threats to worry about. But what no politician mentioned is that air travel is safer than driving. Dramatically safer – so much so that the most dangerous part of a typical commercial flight is the drive to the airport. The safety gap is so large, in fact, that planes would still be safer than cars if the threat of terrorism were unimaginably worse than it actually is: An American professor calculated that even if terrorists were hijacking and crashing one passenger jet a week in the United States, a person who took one flight a month for a year would a have only a 1-in-135,000 chance of being killed in a hijacking – a trivial risk compared to the annual 1-in-6,000 odds of being killed in a car crash. Risk analysts knew all about this safety gap. And they understood what a large-scale shift from planes to cars would mean. It’s simple mathematics. If one person gives up the relative safety of flying and drives instead, it’s not a big deal. He will almost certainly survive. But if millions of people take the same risk, it is just as likely that some of them will lose the gamble and their lives. But car crashes aren’t like terrorist hijackings. They aren’t covered live on CNN. They aren’t discussed endlessly by pundits. They don’t inspire Hollywood movies and television shows. They aren’t fodder for campaigning politicians. And so in the months following the September 11 attacks, as politicians and journalists worried endlessly about terrorism, anthrax, and dirty bombs, people who fled the airports to be safe from terrorism crashed and bled to death on America’s roads. And nobody noticed.

This is exactly why I setup the Rational Fear website. This looks to be a very good book.

The comparison of the risks of air versus car travel (‘An American professor’) comes from an op-ed piece by Michael Rothschild, emeritus professor at the University of Wisconsin, first published in the Washington Post on November 25th 2001. Thanks to Dan Gardner for providing me with the reference.